Case Study: How Organizations Can Affordably Gain Security Technology and Expertise
Faced with a shocking increase in security threats – a 500% increase in cybercrime in the last two years, according to one study – many organizations have responded by making a firm decision to hire experienced IT security personnel and acquire the latest and greatest security tools. But the price tag for top talent and feature-rich security suites quickly makes them reassess their needs.
Yes, they want the very best and most experienced security executives. Yes, they need to manage their endpoints, deploy patches, make their mobility options more secure, and be able to quickly spot potential vulnerabilities. But how do they afford it?
One approach that is gaining serious traction is to outsource as many of these duties as possible. That can come in the form of “hiring” a virtual security executive, using a managed service provider (MSP) to take care of many IT security functions, or doing both.
H2Cyber, for example, offers virtual Chief Information Security Officer (vCISO) services in addition to cybersecurity and risk management services. This cybersecurity executive management firm operates a highly skilled and experienced team of security consultants. This wealth of talent is at the disposal of anyone paying a monthly fee to gain their own vCISO. And it’s a lot more affordable than a full-time security executive. The average salary of a CISO is $273,030 in the U.S., and states such as New York and others are now requiring organizations in certain markets to assign someone to that position.
“It is merely a matter of time before a regulatory body or threat actor comes upon your business,” said Paul Horn, Founder & CEO of H2Cyber. “Regulators will be looking to make sure you have basic cybersecurity measures in place to reduce the risk of a cyberattack as well as having required safeguards in place to protect client and customer information. Threat actors, on the other hand, will look to exploit the lack of basic safeguards regardless of your company’s size.”
H2Cyber helps its clientele avoid breaches by delivering vCISO services and offering cyber-strategy advice.
“A vCISO allows the organization to navigate through the increasing number of cybersecurity regulations by building a comprehensive cybersecurity program accounting for compliance and security,” said Paul Horn, Founder & CEO of H2Cyber. “Just because an organization is compliant doesn’t mean they are secure: it is a game of risk management.”
H2Cyber’s team makes its money in C-level advice and expertise. Its focus is squarely on the strategic and executive side of security, not on the nuts and bolts of applications such as backup and patch management. Yet its customers typically want more than a vCISO to advise on strategy as well as how to streamline interaction between business and IT. They also want recommendations about the right security tools and services to deploy to take care of potential incursions and threats such as ransomware. For that side of the business, H2Cyber outsources services to other MSPs. This enables its trained resources to focus on vCISO duties and other core competencies.
“Our customers want to know what works; they don’t have time to research and evaluate the different solutions out there, so they expect us to find the best MSP services for their needs,” said Horn.
His company operates a relatively lean infrastructure consisting of cloud services via Microsoft Azure and Amazon Web Services (AWS). It augments a small data center with MSP services, leveraging white-labeled products where possible. These services include cybersecurity compliance, antivirus, and cybersecurity support.
Syxsense, for example, is used by H2Cyber for vulnerability scanning and other IT security services that help its clients remediate software and OS vulnerabilities such as incorrect or misconfigured settings. Patch management services, too, are provided by Syxsense. Horn noted that there are many patch management solutions to choose from. However, many require assets to be on-premises, only patch Windows-based systems and don’t offer management of mobile devices.
“Syxsense allows you to manage not just Windows, but Linux as well as Apple,” said Horn. “The Syxsense Secure platform allows the pushing of patches automatically and provides the necessary security and vulnerability discovery within our systems.”